Sophos XG Firewall for Home - generate locally signed certificate is dim

In order to control my kid's internet access time, I enabled authentication. If using "web authentication for unknown users", a timeout will happen after about 10 min if using another app such as YouTube. Hence I tried to deploy the agent. The problem is that "generate locally signed certificates" is dim and I could not create the agent cert.

From another post in the forum, this issue happens in evaluation and it would be gone after registration. However, I checked that the home firewall has been registered but the licenses are still Evaluating. Does it mean Sophos FW Home does not support "generate locally signed certificate"?



This thread was automatically locked due to age.
  • Hi,

    I don't use this feature but do have XG Home edition running SFOS 18.0.5 MR-5-Build586. If I navigate to System->Certificates and click "Add", the "Generate locally signed certificate" option is available.

    Depending on what the kids' devices are, and how many they have, perhaps you could set up a time restriction on the firewall rule instead of authentication, and base it on the source address of the devices? E.g. if you hand out reserved IP addresses to either the kids' devices, or all other devices on your home network, then you could either allow/deny these in a rule. I know it's not foolproof but might be good enough?

    Cheers,

  • Hi,

    the home licence is always in evaluation.

    I use clientless users/groups, fixed IP addresses from the XG DHCP server and specific rules allowing access. You can also set up specific rules for groups using the clientless groups with time-based policies. You will need to use the http/s decrypt and scan with IPS policies and install the XG CA on their devices.

    Ian

  • Hello Michael,

    Thank you for contacting the Sophos Community.

    Adding to what Gavo and Rfcat mentioned, make sure the Default Certificate authority is filled up already.

    Certificates >> Certificate Authorities >> Default.

    Regards,

  • Thanks Emmanuel, yes it is the issue. I need to set the default cert.

    Thanks for the input from Gavo and Rfcat too. Since my kid has more than one device, I will limit internet access to 2 hours per day for all devices in total. Hence I need to set the daily surfing time quota and to enable the authentication.